solution web-ui high macos linux windows

Control UI: disconnected (1008): device identity required (HTTP / insecure context)

Fix Control UI failures caused by opening the dashboard over plain HTTP on a remote host. Use HTTPS or local access first; treat remote plain HTTP as an advanced documented exception.

By CoClaw Team

Symptoms

  • Control UI disconnects with:
    • “disconnected (1008): device identity required”
  • This commonly happens when you open the dashboard via:
    • http://<lan-ip>:18789/
    • http://<tailscale-ip>:18789/

Cause

On remote plain HTTP, many browsers run in a non-secure context and block WebCrypto. OpenClaw uses WebCrypto to establish device identity for Control UI auth/pairing, so the gateway rejects the connection.

Fix

Expose the Control UI via HTTPS (for example, using Tailscale Serve), then open the HTTPS URL. If the gateway requires a token, generate a fresh dashboard entrypoint on the gateway host:

openclaw dashboard

2) Or open locally via an SSH tunnel

Tunnel the port and open the UI locally:

ssh -N -L 18789:127.0.0.1:18789 user@host

Then open:

  • http://127.0.0.1:18789/

3) If you must use remote plain HTTP (advanced)

Treat this as an exception for a controlled network path, not the normal remote-dashboard route. Use the current Control UI auth guide for the exact option on your installed version, and prefer a tokenized link plus loopback/tunnel access when possible.

Verify

  • The Control UI connects and stays connected.
  • The disconnect message no longer appears.

Verification & references

  • Reviewed by:CoClaw Code Team
  • Last reviewed:March 14, 2026
  • Verified on: macOS · Linux · Windows

References

Official docs

  1. OpenClaw docs: /gateway/troubleshooting
  2. OpenClaw docs: /web/control-ui
Want to explore more? Browse all solutions or ask in the Community Forum .
Report a problem

Related Resources

Control UI: disconnected (1008): pairing required
Fix
Fix Control UI disconnects caused by device pairing. Approve the browser/device once, then reconnect (common on remote hosts and Docker).
Control UI assets missing
Fix
Fix 'Control UI assets not found' by building UI assets (pnpm ui:build) or running openclaw doctor UI repair when sources are present.
Control UI shows 'unauthorized' / keeps reconnecting
Fix
Fix OpenClaw dashboard/control UI auth errors (unauthorized, 1008, reconnect loop) by aligning gateway token/password and reachability.
Control UI: dashboard root returns plain-text 'Not Found' after upgrade (pnpm global install)
Fix
Fix cases where the gateway starts normally after an upgrade, but `/` returns plain-text `Not Found` until Control UI assets are copied out of the pnpm global package tree and `gateway.controlUi.root` points at that local copy.
OpenClaw Control UI Auth & Pairing: Fix 'unauthorized', 1008, and Remote Dashboard Access
Guide
Restore stable Control UI access by separating gateway auth from device pairing, fixing unauthorized and 1008 loops, and verifying that your remote path stays stable.
OpenClaw Pairing Explained: The Trust Model Behind Control UI
Guide
Understand what Control UI pairing actually proves, why local and remote access behave differently, where users confuse pairing with auth, and how to troubleshoot trust failures without guessing.